cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
951
Views
0
Helpful
3
Replies

Voice SSID using ISE

layh
Level 1
Level 1

We would like to set up a voice only SSID for Cisco 7925 wireless phones.  We are running version 1.1 of ISE and 7.0.116 on older lan controllers.

Obviously we can do things to discourage other users/devices from connecting to this SSID but we would really like to restrict devices to just Cisco wireless phones. There seems to be no checks in ISE for 7925s.

Anyone have any relevant experience and/or suggestions ?

Bob

1 Accepted Solution

Accepted Solutions

Eduardo Aliaga
Level 4
Level 4

According to documentation, 7925G do support EAP-TLS, so you use certificates to authenticate them

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/administration/guide/7925cfgu.html#wp1376129

Then on ISE you could use a certificate dictionary to look for the common name to start with "CP-7925" or whatever that IP Phone uses to identify itself

The following links is a great guide to use certificates with IP Phones and Cisco ACS

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-605524.html

PLease rate if it helps.

View solution in original post

3 Replies 3

Eduardo Aliaga
Level 4
Level 4

According to documentation, 7925G do support EAP-TLS, so you use certificates to authenticate them

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/administration/guide/7925cfgu.html#wp1376129

Then on ISE you could use a certificate dictionary to look for the common name to start with "CP-7925" or whatever that IP Phone uses to identify itself

The following links is a great guide to use certificates with IP Phones and Cisco ACS

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-605524.html

PLease rate if it helps.

Your suggestion was a good one. It took some work to get all the pieces together but this method is secure and allows us to restrict the SSID to wireless phones.

Thanks

Bob Layh

I'm glad I could help